Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/5a7d2f-5168-4720-8ce0-704149619c46/1/IkNC-TUcCoYBxsQeLh6_eg3WO0Y.roa
File:                     IkNC-TUcCoYBxsQeLh6_eg3WO0Y.roa (raw, json)
Hash identifier:          FzBKtoxKdAzZGhoYpGryWwHPZ5WZpqNHKyLplIOiPAU=
Subject key identifier:   22:43:42:F9:35:1C:0A:86:01:C6:C4:1E:2E:1E:BF:7A:0D:D6:3B:46
Certificate issuer:       /CN=458cc52a0707cc340ac9c7f6e9028b64b70267bc
Certificate serial:       0194266BE1BC5508ECB537042BF2FB116C87
Authority key identifier: 45:8C:C5:2A:07:07:CC:34:0A:C9:C7:F6:E9:02:8B:64:B7:02:67:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RYzFKgcHzDQKycf26QKLZLcCZ7w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/5a7d2f-5168-4720-8ce0-704149619c46/1/IkNC-TUcCoYBxsQeLh6_eg3WO0Y.roa
Signing time:             Thu 02 Jan 2025 09:49:51 +0000
ROA not before:           Thu 02 Jan 2025 09:49:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216054
IP address blocks:        194.1.155.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/5a7d2f-5168-4720-8ce0-704149619c46/1/RYzFKgcHzDQKycf26QKLZLcCZ7w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/5a7d2f-5168-4720-8ce0-704149619c46/1/RYzFKgcHzDQKycf26QKLZLcCZ7w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RYzFKgcHzDQKycf26QKLZLcCZ7w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 20:20:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:e1:bc:55:08:ec:b5:37:04:2b:f2:fb:11:6c:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=458cc52a0707cc340ac9c7f6e9028b64b70267bc
        Validity
            Not Before: Jan  2 09:49:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=224342f9351c0a8601c6c41e2e1ebf7a0dd63b46
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:3d:25:14:a0:d5:de:42:04:18:37:ea:cf:cf:
                    0f:c7:8d:14:b0:79:81:92:40:25:8c:20:ae:25:02:
                    a4:e4:7f:f6:50:0b:1d:8d:9c:d4:19:54:f0:96:34:
                    eb:af:70:c7:3a:93:1d:df:44:88:e6:40:3a:c0:c3:
                    6d:07:52:aa:fd:49:27:b2:96:96:e9:97:41:8f:b3:
                    7b:2f:1f:e1:f8:0a:c6:5c:67:89:4b:2c:7f:36:56:
                    16:80:df:11:62:7a:c9:15:06:05:5f:3b:e0:f3:99:
                    d2:af:e3:00:48:8b:9f:4b:ca:21:b6:0c:86:a5:84:
                    ad:ad:8b:3e:d7:fb:90:01:fb:bf:59:cd:7e:58:91:
                    d2:57:ee:02:b2:47:ed:57:7d:c8:d3:d8:33:8f:6c:
                    b7:f8:a4:6f:b4:a1:75:c3:fd:b0:4f:fe:d8:18:b7:
                    8a:e5:c8:0c:cd:e5:24:e1:8a:44:ac:10:85:37:99:
                    fb:55:75:6b:68:c4:ad:2b:36:ff:cc:05:10:21:5b:
                    69:6f:82:6f:75:5b:ab:87:94:60:41:6b:02:07:1d:
                    3c:34:91:34:dc:d7:16:60:e5:5f:e9:8b:87:2a:e6:
                    8d:d7:ce:a8:0e:fe:c2:25:8c:75:82:b7:ec:67:a3:
                    b6:0c:28:d7:58:51:3c:e6:3e:ca:10:8d:0e:aa:9c:
                    75:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:43:42:F9:35:1C:0A:86:01:C6:C4:1E:2E:1E:BF:7A:0D:D6:3B:46
            X509v3 Authority Key Identifier:
                keyid:45:8C:C5:2A:07:07:CC:34:0A:C9:C7:F6:E9:02:8B:64:B7:02:67:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RYzFKgcHzDQKycf26QKLZLcCZ7w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/5a7d2f-5168-4720-8ce0-704149619c46/1/IkNC-TUcCoYBxsQeLh6_eg3WO0Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/5a7d2f-5168-4720-8ce0-704149619c46/1/RYzFKgcHzDQKycf26QKLZLcCZ7w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.1.155.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:64:55:c4:91:a8:74:34:96:8d:9b:01:f3:f0:6b:ac:88:bc:
         e6:d2:51:4c:70:9d:54:a4:44:33:a6:7b:4b:1f:31:d3:e0:b2:
         62:cc:07:cc:00:3d:ac:0b:e8:c5:2d:78:2c:6a:30:c2:48:7c:
         2e:3e:3a:1e:aa:75:13:fe:e4:ca:58:82:19:05:8d:13:c6:aa:
         e2:fd:2f:d3:4f:9d:6c:1c:6b:fa:0e:3f:5f:20:1c:c8:4f:fd:
         53:e0:6f:99:17:3d:eb:e3:3d:62:84:50:b4:fe:bb:b7:ac:b0:
         00:22:98:3c:6a:5f:e2:f2:a8:e7:28:0d:63:42:99:31:b5:55:
         66:12:46:7b:6a:37:be:79:57:bc:f0:a7:51:72:a1:27:46:95:
         dc:7f:0f:5f:49:c8:9f:d6:11:d9:38:06:e2:e8:2b:05:4f:74:
         24:c6:c3:cd:a2:74:76:59:70:14:6c:5c:e9:a8:00:3f:77:fe:
         21:07:41:72:8a:03:07:54:b8:d3:22:b3:56:04:1e:f3:27:c1:
         c6:61:40:3b:4d:a5:d7:f5:f8:60:c2:85:8a:17:b4:3a:02:ed:
         c4:93:8e:b2:46:d4:33:0b:2d:fa:5a:42:45:f5:ff:06:6b:42:
         9f:58:cc:7b:c7:b0:58:e2:92:f5:c4:94:de:a8:fd:b6:91:ce:
         f9:a7:c5:a9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma+G8VQjstTcEK/L7EWyHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1OGNjNTJhMDcwN2NjMzQwYWM5YzdmNmU5MDI4YjY0Yjcw
MjY3YmMwHhcNMjUwMTAyMDk0OTUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjQzNDJmOTM1MWMwYTg2MDFjNmM0MWUyZTFlYmY3YTBkZDYzYjQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmT0lFKDV3kIEGDfqz88Px40UsHmB
kkAljCCuJQKk5H/2UAsdjZzUGVTwljTrr3DHOpMd30SI5kA6wMNtB1Kq/UknspaW
6ZdBj7N7Lx/h+ArGXGeJSyx/NlYWgN8RYnrJFQYFXzvg85nSr+MASIufS8ohtgyG
pYStrYs+1/uQAfu/Wc1+WJHSV+4CskftV33I09gzj2y3+KRvtKF1w/2wT/7YGLeK
5cgMzeUk4YpErBCFN5n7VXVraMStKzb/zAUQIVtpb4JvdVurh5RgQWsCBx08NJE0
3NcWYOVf6YuHKuaN186oDv7CJYx1grfsZ6O2DCjXWFE85j7KEI0Oqpx14wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCJDQvk1HAqGAcbEHi4ev3oN1jtGMB8GA1UdIwQY
MBaAFEWMxSoHB8w0CsnH9ukCi2S3Ame8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUll6RktnY0h6RFFLeWNmMjZRS0xaTGNDWjd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS81YTdkMmYtNTE2OC00NzIwLThjZTAt
NzA0MTQ5NjE5YzQ2LzEvSWtOQy1UVWNDb1lCeHNRZUxoNl9lZzNXTzBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS81YTdkMmYtNTE2OC00NzIwLThjZTAtNzA0MTQ5NjE5YzQ2
LzEvUll6RktnY0h6RFFLeWNmMjZRS0xaTGNDWjd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgGbMA0G
CSqGSIb3DQEBCwUAA4IBAQAMZFXEkah0NJaNmwHz8GusiLzm0lFMcJ1UpEQzpntL
HzHT4LJizAfMAD2sC+jFLXgsajDCSHwuPjoeqnUT/uTKWIIZBY0Txqri/S/TT51s
HGv6Dj9fIBzIT/1T4G+ZFz3r4z1ihFC0/ru3rLAAIpg8al/i8qjnKA1jQpkxtVVm
EkZ7aje+eVe88KdRcqEnRpXcfw9fScif1hHZOAbi6CsFT3QkxsPNonR2WXAUbFzp
qAA/d/4hB0FyigMHVLjTIrNWBB7zJ8HGYUA7TaXX9fhgwoWKF7Q6Au3Ek46yRtQz
Cy36WkJF9f8Ga0KfWMx7x7BY4pL1xJTeqP22kc75p8Wp
-----END CERTIFICATE-----